[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-help-public] [sr #106651] Savannah should use CAcert.org-signe
|
From: |
Sylvain Beucler |
|
Subject: |
[Savannah-help-public] [sr #106651] Savannah should use CAcert.org-signed SSL certificates |
|
Date: |
Wed, 18 Mar 2009 09:04:08 +0000 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.7) Gecko/2009021906 Firefox/3.0.7 |
Follow-up Comment #10, sr #106651 (project administration):
> Again, why can't you just use the certificates
> the FSF has already purchased?
Those certs were bought by mistake and will expire in a few months.
We believe in an alternate way to express trust, not based on a bootstrap
group of opportunists, money, and unclear browser-inclusion rules - check the
links.
> They are from a reputable CA and are accepted
> by all major browsers.
Ms windows is pre-installed in all major hardware products, this doesn't make
it something we want to use.
"Reputable" CAs make mistakes, e.g. http://blog.startcom.org/?p=145
> We shouldn't be teaching users to ignore SSL
> error messages from their browsers just to access Savannah
This is wrong. The documentation tells to accept the CAcert certificate and
none else. I didn't hear anybody complain when we used self-signed certs,
which is worse, so please don't mix up Firefox' new error message and the use
of CAcert.org.
> CAcert is [...]
I won't discuss any further until there's supported arguments.
And last, I'd appreciate your opening a discussion on the cacert.org mailing
list where educated people can answer your worries, instead of spreading
unverified claims to their users on their back.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?106651>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/